DDoS attacker tracing method based on autonomous system

An autonomous domain and marking method technology, applied in the field of network security, can solve problems such as implementation difficulties, and achieve the effects of simple implementation, low computational load and path reconstruction consumption, and good scalability.

Inactive Publication Date: 2012-11-28
CHANGZHOU UNIV
View PDF3 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This marking method has a good performance in the tracking of short-distance attack events, but it performs poorly in the tracking of long-distance attack events. In addition, this marking method requires all routers in the Internet to participate in the marking, which requires router manufacturers and network Service Provider (ISP) support, difficult to implement for administrative or technical reasons

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DDoS attacker tracing method based on autonomous system
  • DDoS attacker tracing method based on autonomous system
  • DDoS attacker tracing method based on autonomous system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0030] The present invention will be further elaborated below in conjunction with specific examples.

[0031] Such as figure 1 As shown, firstly, the ingress router marks the data packets with a certain probability, then the target host extracts the attack data packets, performs path reconstruction to obtain the AS through which the attack path passes, and finally confirms the ingress router.

[0032] one. Selection of Marking Probability

[0033] Assume that an attack path passes through d ASs, and the ingress router on each AS marks the data packet with probability p, then the probability of each data packet passing through d nodes to be marked is at least dp(1-p) d-1 . According to the uneven probability coupon collector problem, the maximum number of packets required to reconstruct the attack path is: . Therefore, the number of data packets required for path reconstruction is related to path length d and marking probability p, and selecting an appropriate marking pro...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a DDoS (Distributed Denial of Service) attack source tracing method for an autonomous system and belongs to the technical field of network security. The technical scheme is that firstly, an ingress router marks a data packet according to a certain probability, then a target host extracts the attacked data packet for bath configuration to obtain the AS (Autonomous System) through which an attack path passes, and finally, the ingress router is determined. The DDoS attack source tracing method is mainly used for searching the autonomous system where the attack source is positioned and finding out the attacked ingress router in case of a DDoS attack, so that the attack is suppressed at the attack source.

Description

technical field [0001] The invention belongs to the technical field of network security, and in particular relates to an attack source tracking method for a distributed denial of service attack (DDoS) of an autonomous domain system, which is mainly used to solve the problem of finding the autonomous domain where the attack source is located in the case of a DDoS attack and Identify attacking ingress routers to contain attacks at their source. Background technique [0002] Since the 1990s, the Internet has developed by leaps and bounds. The Internet has closely linked people's work, study and life, involving education, economy, politics, military and other industries and departments. It has become the infrastructure of the entire society. important parts of. At present, the threats to network security in the Internet mainly come from three aspects: hacker attacks, computer viruses and distributed denial of service attacks (DDoS). DDoS attack is a form of active attack on th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
Inventor 倪彤光顾晓清李玉
Owner CHANGZHOU UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap